CVE-2025-13036
published 2026-06-16CVE-2025-13036: An authentication bypass security issue exists within FactoryTalk Historian Site Edition. By continually sending requests to the login endpoint, an attacker…
PriorityP261critical9.2CVSS 4.0
AVNACLATPPRNUINVCHVIHVALSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EPSS
0.29%
20.6th percentile
An authentication
bypass security issue exists within FactoryTalk Historian Site Edition. By
continually sending requests to the login endpoint, an attacker may obtain a
valid authentication token.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwell_automation | factorytalk_historian_se | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Rockwell Automation FactoryTalk Historian SE 11 Login Endpoint race condition (WID-SEC-2026-1982)
vuldb·2026-06-17·CVSS 9.2
CVE-2025-13036 [CRITICAL] Rockwell Automation FactoryTalk Historian SE 11 Login Endpoint race condition (WID-SEC-2026-1982)
A vulnerability labeled as critical has been found in Rockwell Automation FactoryTalk Historian SE 11. This affects an unknown function of the component Login Endpoint. The manipulation results in race condition.
This vulnerability is identified as CVE-2025-13036. The attack can be executed remotely. There is not any exploit available.
GHSA
An authentication bypass security issue exists within FactoryTalk Historian Site Edition.
ghsa_unreviewed·2026-06-16
CVE-2025-13036 [CRITICAL] CWE-362 An authentication bypass security issue exists within FactoryTalk Historian Site Edition.
An authentication
bypass security issue exists within FactoryTalk Historian Site Edition. By
continually sending requests to the login endpoint, an attacker may obtain a
valid authentication token.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-16
Published